CISO Priorities 2023: Automation Over Cost-Cutting

We surveyed 213 U.S. cybersecurity executives on their priorities for the new year. Here’s what their responses tell us about how cybersecurity is evolving amid the recession.

Table of Contents

Our CISO Priorities 2023 survey reveals cybersecurity leaders’ thoughts about different cybersecurity projects and gives an understanding of what is most important for the next year. 

This year’s results provide a really interesting view into what matters most. The most common trend we noticed across the different responses from the survey, is an overall focus on increasing efficiencies across current security tools.

Let’s take a look at the results and dive further into what this means.

Top Cybersecurity Priorities

One of the top priorities for the year is that 89% of CISOs cite risk-based vulnerability management as a top priority for this year. This is fairly consistent with what we’ve seen over the last few years where vulnerability assessments are conducted followed by a risk-based approach towards the remediation of vulnerabilities and threats discovered. It also speaks to the sheer number of existent known and unknown vulnerabilities. CISOs can only spend their resources on managing the most pertinent vulnerabilities. 

The other top-priority project to note is that 86% of CISOs expressed that automating threat detection and response is a top priority. This speaks to the importance of increased efficiency throughout cybersecurity operations which we see heavily reflected throughout the rest of the survey results. With so many CISOs still using a risk-based approach to vulnerability management, it’s interesting to see they also want to automate threat detection and response efforts.

High-Priority Information Security Projects

Top high-priority projects also reflect the need for increased efficiency across cybersecurity operations with respondents noting the importance of:

  • Integrating cybersecurity capabilities with new and existing technologies
  • Shifting from legacy cybersecurity platforms to cloud
  • Unifying threat visibility across all assets 

With these projects we see that CISOs’ strategy for 2023 is to adopt cybersecurity tools that are compatible with their existing technologies in order to maximize effectiveness of their cybersecurity ecosystem. 

CISOs also note the importance of detecting compromise across their network, which 83% of respondents recognize as a high priority.

Emerging Cybersecurity Priorities

The emerging priorities show some interesting findings as well. CISOs are becoming more intentional in the way they plan to address their cybersecurity strategy for the next year. They want to be more informed to respond to threats appropriately with 74% of CISOs citing they plan to leverage the MITRE ATT&CK Matrix to help them make cybersecurity decisions and 74% also noting that they’d like to bring part of their cyber operation in-house. These projects in addition to the optimization of SOC alert management reflect that cybersecurity leaders want a more hands-on approach and increased efficiency in their overall cybersecurity strategy. 

Access the Full CISO Priorities 2023 Infographic

This survey always provides interesting insights from cybersecurity leaders. To take a closer look at the results, you can access the CISOs Priorities Flashcard here.

Subscribe to Our Blog

Get the latest cybersecurity articles and insights straight from the experts.

Share this post


The Log4j vulnerability (also known as CVE-2021-44228) affects 1000's of software applications.

Log4j: What You Need to Know

Reading Time: 2 mins The Log4j vulnerability (designated as CVE-2021-44228 by MITRE) affects 1000’s of software applications. Here are some quick facts and how Lumu helps.